Predator Ransomware

The Predator Ransomware was first observed in July 2018. The Predator Ransomware carries out an encryption ransomware attack, taking the victims' files hostage and demanding a ransom payment from the victim. After the Predator Ransomware carries out its attack, the affected files will become unrecoverable, meaning that it will be necessary to use a reliable backup method to ensure that the files compromised in the Predator Ransomware attack can be recovered.

The Predator that Has Your Files as Its Preys

The Predator Ransomware is typically delivered to the victim's computer through the use of corrupted email attachments, which use embedded macro scripts in DOCX or PDF files to download and install the Predator Ransomware onto the victim's computer. Once installed, the Predator Ransomware will use the AES encryption to make the victim's files inaccessible, marking each compromised file with the new extension '.predator.' The following are examples of the files that the Predator Ransomware targets in its attack:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

Although some PC security researchers consider it possible that the Predator Ransomware's encryption method can be cracked, it is not possible to restore the files affected by the Predator Ransomware currently.

The Predator Ransomware’s Ransom Demand

The Predator Ransomware's attacks have the purpose of demanding ransom payments from the victims. The Predator Ransomware delivers its ransom note in a text file named 'README.txt,' which demands a ransom payment of 100 USD in Bitcoin to a specific Bitcoin Wallet. The following is the text of the Predator Ransomware ransom note:

'Your files were encrypted with Predator The Cipher!
Predator The Cipher v1.0
To decrypt your files:
1. Send 100$ to this bitcoin wallet: 1Pe9zG5uZFj4bGxPs98VbReXrnFayuoGf.
2. Send us email with your machine ID (random characters) and bitcoin wallet ID: nadwkjk@protonmail.com
Then we would send you back our decipher tool.
ATTENTION!
DO NOT TRY TO DECRYPT OR DELETE YOUR FILES. YOU WILL ONLY MAKE IT WORSE!'

PC security researchers highly recommend that computer users not contact the criminals responsible for the Predator Ransomware nor follow the instructions in the Predator Ransomware ransom note. Instead, computer users should take steps to prevent these attacks.

Protecting Your Data From Threats Like the Predator Ransomware

The best protection against threats like the Predator Ransomware is to have backup copies of your files stored in an inaccessible location, either on the cloud or an external memory device. Having file backups ensures that criminals cannot demand a ransom payment by taking your files hostage since the encrypted files can be deleted and replaced with backup copies. Apart from file backups, PC security analysts strongly advise computer users to use a security product that is fully up-to-date to protect their computers. A reliable security application can intercept the Predator Ransomware and remove the threat itself, although it will not restore any of the compromised files. Since the Predator Ransomware is mainly delivered using spam email attachments, it is also crucial to learn to recognize and prevent these tactics.